Some hackers have lost their way. Today, countless techies have entered the for-profit cybersecurity business, potentially neglecting what one security researcher calls their responsibility to civil society: helping at-risk users like dissidents with the security of their work, for example.
To that end, Claudio Guarnieri, who has spent years analyzing cyberattacks against activists and journalists, has launched a new project tentatively titled 'Security Without Borders', which he hopes will more effectively connect white hat hackers with targeted groups and individuals. Guarnieri announced the project at the Chaos Communication Congress hacking festival in Hamburg on December 28.
"Civil society basically isn't going to secure itself," Guarnieri told Motherboard in an interview. "It's not going to be able to build that kind of expertise that is required to actually face the issues and even understand the issues that exist."
On the Security Without Borders website, visitors can click a "Request Assistance" button, which takes them through to a form asking for some basic information: their name, the type of work they do, and what sort of help they're after. That might include a security assessment for a human rights defender, general advice, or maybe someone could send a suspicious link they are worried was part of an attempted attack against them.
This message is then sent through to an internal communication platform that the group is using, Guarnieri told Motherboard.
At the moment, Security Without Borders is made up of between 20 and 30 people, Guarnieri said, including malware analysts, engineers, and system administrators.
"Some of us work in corporate security, some of us in academia, and some others in human rights organizations," the Security Without Borders website continues. "We want to dedicate some of our time to the betterment of global society."
It's early days, but the project already has a public mailing list, and once people are trusted, they may be invited to work on more sensitive parts of the project, Guarnieri explained. A proposed idea is also creating a newsletter for at-risk groups about recent vulnerabilities or developments in cybersecurity; stuff that they might not always see unless someone presents it to them.
"The idea is to create an external network of people that don't necessarily want to abandon their career path in infosec, but they might be willing to volunteer some time, maybe help out anonymously, maybe not," Guarnieri said. "Our community needs to find again that political engagement."
Get six of our favorite Motherboard stories every day by signing up for our newsletter.